[Spacewalk-list] SELinux contexts for distro trees
Patrick Hurrelmann
patrick.hurrelmann at lobster.de
Tue Oct 25 09:47:12 UTC 2011
On 13.10.2011 13:55, Jan Pazdziora wrote:
> On Thu, Oct 13, 2011 at 11:03:28AM +0200, Patrick Hurrelmann wrote:
>>
>> I'm struggeling with the same issue. Maybe someone can sched some lights
>> on it, as couldn't find any information regarding this topic.
>>
>> I tried to loop mount a CentOS 6 iso and manually adding the extracted
>> content. Neither worked. But if selinux is set to permissive, both ways
>> work.
>
> What AVC denial do you get on your system? I can see
>
> # sesearch --allow -s cobblerd_t -t iso9660_t
> Found 3 semantic av rules:
> allow cobblerd_t iso9660_t : file { ioctl read getattr lock open } ;
> allow cobblerd_t iso9660_t : dir { ioctl read getattr lock search open } ;
> allow cobblerd_t iso9660_t : lnk_file { read getattr } ;
>
> with
>
> # rpm -q selinux-policy-targeted
> selinux-policy-targeted-3.7.19-113.el6.noarch
>
> so if your ISO is mounted right, it should work.
>
Hi Jan,
thanks for your response. In the meantime I finished a fresh setup of
spacewalk and I cannot reproduce this any longer. I guess in the
previous install sth. was wedged.
Best regards
Patrick
More information about the Spacewalk-list
mailing list